From owner-svn-ports-head@FreeBSD.ORG Wed Sep 5 10:42:39 2012 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 252C21065673; Wed, 5 Sep 2012 10:42:39 +0000 (UTC) (envelope-from rea@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 1074E8FC08; Wed, 5 Sep 2012 10:42:39 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q85Agcvo020132; Wed, 5 Sep 2012 10:42:38 GMT (envelope-from rea@svn.freebsd.org) Received: (from rea@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q85Agc90020129; Wed, 5 Sep 2012 10:42:38 GMT (envelope-from rea@svn.freebsd.org) Message-Id: <201209051042.q85Agc90020129@svn.freebsd.org> From: Eygene Ryabinkin Date: Wed, 5 Sep 2012 10:42:38 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r303700 - head/security/vuxml X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Sep 2012 10:42:39 -0000 Author: rea Date: Wed Sep 5 10:42:38 2012 New Revision: 303700 URL: http://svn.freebsd.org/changeset/ports/303700 Log: VuXML: document XSS in MoinMoin before 1.9.4 via RST parser Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Sep 5 10:41:28 2012 (r303699) +++ head/security/vuxml/vuln.xml Wed Sep 5 10:42:38 2012 (r303700) @@ -51,6 +51,38 @@ Note: Please add new entries to the beg --> + + moinmoin -- cross-site scripting via RST parser + + + moinmoin + 1.9.4 + + + + +

MITRE CVE team reports:

+
+

Cross-site scripting (XSS) vulnerability in the + reStructuredText (rst) parser in parser/text_rst.py in + MoinMoin before 1.9.4, when docutils is installed or when + "format rst" is set, allows remote attackers to inject + arbitrary web script or HTML via a javascript: URL in the + refuri attribute.

+
+ + + + 46476 + CVE-2011-1058 + http://moinmo.in/SecurityFixes + + + 2011-02-21 + 2012-09-05 + + + moinmoin -- wrong processing of group membership